Hi, I've committed changes I've made: - added possibility to register new OAuth client applications at OAuth server - OAuth demos moved to distribution\src\main\samples\ - added README to OAuth demos - fixes in pom.xml files
- fix the checkstyle errors and move the demo to the ""distribution/src/main/release/samples/"" area and also add Readme; after building the distribution (mvn install in trunk/distribution) you can easily verify the demo can be run by locating in the target. fixed that, and added readme > - add the oauth dependency in the parent pom so that the rs/oauth module > can depend on it without specifying a version and have the demo client module depending on rt/rs/oauth module instead (similarly to the server one) done, hovewer demo client don't need to depend on rt/rs/oauth as it doesn't use cxf functionality, just on oauth libraries > - during the main build please use the Spring version CXF depends upon and use its -Pspring3 profile to build for the deployment into GAE changed, both client and server demos needs to be build with -Pspring3 for local jetty run and GAE as well. Otherwise I would need use different spring config files for spring 2.5 and 3.0.x Cheers, Lukasz W dniu 29 lipca 2010 21:15 użytkownik Sergey Beryozkin <[email protected] > napisał: > Hi > > 2010/7/29 Łukasz Moreń <[email protected]> > > > Hi, > > > > I'm still working on refactoring and changes in demo you suggested. > > I will likely update it tomorrow. > > > > I'll likely ask for some modifications but perhaps if you could start > with > > > updating the demo > > > > such that a consumer initiates its own registration with the OAuth > server. > > > > > > I'm going to put high effort on my GSoC project next weeks. I would > really > > appreciate, > > if you would have some more modifications requests/directions which > project > > should go, as you have limited time next week > > and current changes will not take long. > > > > From what I'm seeing, I need to cover spec with code, simplify > > configuration > > and do more testing. > > > > > I have to sign off now...Please update the demo so that the consumer > registers itself, plus supplies a callback itself with a request token > request, add README and it would let users start experimenting. IMHO the > initial phase can be considered complete once there's a demo there which > can > show users what they need to do. > > We can then discuss things further > > cheers, Sergey > > > > > Cheers, > > Lukasz > > > > 2010/7/29 Daniel Kulp <[email protected]> > > > > > > > > You probably just need to change your deps to: > > > > > > geronimo-servlet_3.0_spec > > > > > > > > > Dan > > > > > > > > > On Thursday 29 July 2010 3:35:57 pm Sergey Beryozkin wrote: > > > > Hi Lucasz > > > > > > > > I can't build the oauth sandbox project, seeing > > > > [ERROR] FATAL ERROR > > > > [INFO] > > > > > > ------------------------------------------------------------------------ > > > > [INFO] Error building POM (may not be this project's POM). > > > > > > > > > > > > Project ID: org.apache.cxf:cxf-rt-rs-oauth > > > > POM Location: > > > > /home/sberyozkin/work/cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml > > > > Validation Messages: > > > > > > > > [0] 'dependencies.dependency.version' is missing for > > > > org.apache.geronimo.specs:geronimo-servlet_2.5_spec:jar > > > > > > > > > > > > Reason: Failed to validate POM for project > > org.apache.cxf:cxf-rt-rs-oauth > > > > at /home/sberyozkin/work/cxf/sandbox/oauth_1.0a/rt/rs/oauth/pom.xml > > > > > > > > so I can not review the latest merge, sorry. I could've tried to fix > > this > > > > issue but I'm not sure if you're finished with the refactoring just > > yet. > > > > I'll be travelling tomorrow and I'll have some very limited time > during > > > the > > > > evenings next week but I'll try to provide some feedback at least > > > > > > > > cheers, Sergey > > > > > > > > > > > > 2010/7/26 Sergey Beryozkin <[email protected]> > > > > > > > > > Hi Łukasz > > > > > > > > > > 2010/7/26 Łukasz Moreń <[email protected]> > > > > > > > > > > Hi Sergey, > > > > > > > > > >> I'm really sorry for such commit, I know it shouldn't happen. I > > turned > > > > >> off checkstyle as i couldn't configure it properly on intellij and > > it > > > > >> was annoying during development. > > > > >> I will apply proper changes ASAP. > > > > >> > > > > >> no worries at all, I've broken the real builds with checkstyle > > errors > > > so > > > > > > > > > > many times and it is the CXF sandbox after :-) > > > > > > > > > >> According to the demo, I built it as usual web-app, if it worked, > > use > > > > >> this same sources to deploy on GAE. > > > > >> However because of GAE restrictions it always needs minor changes > > > > >> before deploy, i.e. GAE can't read configuration files such as: > > > > >> cxf-extension-http.xml > > > > >> from jars, so I copied it to WEB-INF folder. > > > > >> Commited to svn version does not depend on GAE SDK and can be run > > > > >> locally with jetty:run. > > > > >> > > > > >> Yes, I warned about server configuration part:). I will take care > to > > > > >> make it simpler. > > > > > > > > > > I do not think it is too complicated - the simplification can be > done > > > > > once the whole flow is sound... > > > > > > > > > >> So far, oauth consumer properties are hardcoded and injected into > > > > >> oauth provider, as I think it is not oauth library responsibility > to > > > > >> deal with consumer registration. > > > > >> Hovewer for demo it would be good to have something like that. I > > would > > > > >> do registration form at the server as it is done by current big > > oauth > > > > >> implementations. > > > > > > > > > > I agree that conceptually the registration of consumers is a > separate > > > > > issue. But it is part of the solution that users will be eventually > > > > > offering so just showing them that the consumers have to go and > > > register > > > > > themselves with help people with coming up with some custom > > > registration > > > > > forms, etc. The registration does not have to be done at the server > > > > > hosting the resource, it is just important for the OAuth provider > be > > > > > able to get to the consumer details. I'm fine with assuming at the > > > > > moment that the registration handler is collocated with the > > > > > endpoints/providers enforcing OAuth flow. > > > > > > > > > > But the callback uri which is being injected at the moment should > go > > > > > anyway given that it is part of the actual flow, specifically, the > > > > > consumer provides it during the request token request > > > > > > > > > >> Recently I've noticed that Camel have done oauth client as well:): > > > > >> http://camel.apache.org/tutorial-oauth.html > > > > >> > > > > >> Thanks much for review, and hints. > > > > > > > > > > thanks for your effort :-) > > > > > > > > > > Sergey > > > > > > > > > >> Cheers, > > > > >> Lukasz > > > > >> > > > > >> 2010/7/24 Sergey Beryozkin <[email protected]>: > > > > >> > Hi Łukasz > > > > >> > > > > > >> > Sorry for a delay, I should've come back earlier to you. > > > > >> > > > > > >> > I've run the demo hosted at the app engine and I think from the > > > > >> > > > > >> education > > > > >> > > > > >> > point of view it is a good demo and it is handy one does not > even > > > has > > > > >> > to build anything in order to try it. > > > > >> > > > > > >> > I've had a problem building the rt/rs/oauth tests - there's a > > bunch > > > of > > > > >> > CheckStyle errors. Can you please build sandbox/oauth_1.0a from > > the > > > > >> > > > > >> trunk, > > > > >> > > > > >> > just do 'mvn install -Pfastinstall' and then do 'mvn install' > from > > > > >> > > > > >> rt/rs/ ? > > > > >> > > > > >> > One other thing, please move the demo to > > > > >> > "distribution/src/main/release/samples/" as well add Readme to > it. > > > > >> > > > > > >> > Also I can not build the demo too, the client build fails with > the > > > > >> > > > > >> following > > > > >> > > > > >> > dependency missing > > > > >> > 1) net.oauth.core:oauth-consumer:jar:20100527 > > > > >> > > > > > >> > But I'm seeing an oauth repo in the rt/rs/oauth pom, have you > > built > > > it > > > > >> > > > > >> in > > > > >> > > > > >> > the GAE dev environment ? > > > > >> > > > > > >> > Can you please spend a bit of time on cleaning the build a bit : > > > > >> > - fix the checkstyle errors and move the demo to the > > > > >> > ""distribution/src/main/release/samples/"" area and also add > > Readme; > > > > >> > > > > >> after > > > > >> > > > > >> > building the distribution (mvn install in trunk/distribution) > you > > > can > > > > >> > > > > >> easily > > > > >> > > > > >> > verify the demo can be run by locating in the target. > > > > >> > - add the oauth dependency in the parent pom so that the > rs/oauth > > > > >> > module > > > > >> > > > > >> can > > > > >> > > > > >> > depend on it without specifying a version and have the demo > client > > > > >> > > > > >> module > > > > >> > > > > >> > depending on rt/rs/oauth module instead (similarly to the server > > > one) > > > > >> > - during the main build please use the Spring version CXF > depends > > > upon > > > > >> > > > > >> and > > > > >> > > > > >> > use its -Pspring3 profile to build for the deployment into GAE > > > > >> > > > > > >> > As far as the demo is concerned. I looked at the server part and > > it > > > > >> > > > > >> looks > > > > >> > > > > >> > complicated enough :-) but I think it makes sense to me. I'll > > likely > > > > >> > ask > > > > >> > > > > >> for > > > > >> > > > > >> > some modifications but perhaps if you could start with updating > > the > > > > >> > demo such that a consumer initiates its own registration with > the > > > > >> > OAuth > > > > >> > > > > >> server : > > > > >> > I can see at the moment an oauth provider is injected with some > > > sample > > > > >> > consumer properties. I'm not sure what is the best way to do it > : > > > may > > > > >> > be > > > > >> > > > > >> the > > > > >> > > > > >> > server can return a registration form or the client can just > push > > > the > > > > >> > registration info itself. > > > > >> > > > > > >> > Overall I think it is a good progress indeed especially given > the > > > > >> > > > > >> complexity > > > > >> > > > > >> > of the whole effort. > > > > >> > > > > > >> > > > > > >> > > > > > >> > thanks, Sergey > > > > >> > > > > > >> > On Wed, Jul 14, 2010 at 10:14 PM, Łukasz Moreń < > > > [email protected] > > > > >> > > > > > >> >wrote: > > > > >> >> Hi all, > > > > >> >> > > > > >> >> I have managed to create two sample OAuth aplications: > > > > >> >> ordinary OAuth 1.0a client: http://www.oauthclient.appspot.com > > > > >> >> and authorization server that uses CXF OAuth module: > > > > >> >> http://www.cxfoauthserver.appspot.com > > > > >> >> > > > > >> >> Both sample applications and changes in oauth library are > > commited > > > in > > > > >> >> sandbox. > > > > >> >> > > > > >> >> OAuth configuration in sample authorization server app looks a > > bit > > > > >> >> awfully but I think most of that can be hidden and done out of > > > band. > > > > >> >> There is still some areas in specification not covered by > > > > >> >> implementation, so I would like to take care of that in next > > steps. > > > > >> >> > > > > >> >> Thanks in advance for some feedback. > > > > >> >> > > > > >> >> Cheers, > > > > >> >> Lukasz > > > > > > -- > > > Daniel Kulp > > > [email protected] > > > http://dankulp.com/blog > > > > > >
